From a863acba3359eba63d9742b227d6b9901f91e65c Mon Sep 17 00:00:00 2001
From: Arto Jantunen <arto@vainu.io>
Date: Wed, 11 Jul 2018 09:32:04 +0300
Subject: [PATCH] Allow using the PodSafeToEvictKey annotation in reverse

Adding the "cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
annotation to a pod prevents the cluster autoscaler from touching it.
---
 cluster-autoscaler/FAQ.md               | 4 ++++
 cluster-autoscaler/utils/drain/drain.go | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/cluster-autoscaler/FAQ.md b/cluster-autoscaler/FAQ.md
index e7aab6d3e5..1fb1975efc 100644
--- a/cluster-autoscaler/FAQ.md
+++ b/cluster-autoscaler/FAQ.md
@@ -78,6 +78,10 @@ Cluster Autoscaler decreases the size of the cluster when some nodes are consist
 * Pods with local storage. *
 * Pods that cannot be moved elsewhere due to various constraints (lack of resources, non-matching node selctors or affinity,
 matching anti-affinity, etc)
+* Pods that have the following annotation set:
+```
+"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
+```
 
 <sup>*</sup>Unless the pod has the following annotation (supported in CA 1.0.3 or later):
 ```
diff --git a/cluster-autoscaler/utils/drain/drain.go b/cluster-autoscaler/utils/drain/drain.go
index 02c9aa73f2..7fb56d97b9 100644
--- a/cluster-autoscaler/utils/drain/drain.go
+++ b/cluster-autoscaler/utils/drain/drain.go
@@ -195,6 +195,9 @@ func GetPodsForDeletionOnNodeDrain(
 			if HasLocalStorage(pod) && skipNodesWithLocalStorage {
 				return []*apiv1.Pod{}, fmt.Errorf("pod with local storage present: %s", pod.Name)
 			}
+			if hasNotSafeToEvictAnnotation(pod) {
+				return []*apiv1.Pod{}, fmt.Errorf("pod annotated as not safe to evict present: %s", pod.Name)
+			}
 		}
 		pods = append(pods, pod)
 	}
@@ -246,3 +249,8 @@ func checkKubeSystemPDBs(pod *apiv1.Pod, pdbs []*policyv1.PodDisruptionBudget) (
 func hasSaveToEvictAnnotation(pod *apiv1.Pod) bool {
 	return pod.GetAnnotations()[PodSafeToEvictKey] == "true"
 }
+
+// This checks if pod has PodSafeToEvictKey annotation set to false
+func hasNotSafeToEvictAnnotation(pod *apiv1.Pod) bool {
+	return pod.GetAnnotations()[PodSafeToEvictKey] == "false"
+}